Security Advisory VShell® 2.x

In VShell versions 2.3.5 and earlier for Windows, when a host key is automatically created by VShell, the host key file inherits the permissions of its parent directory, potentially allowing access to authenticated users.
Posted: August 16, 2005

Description

Secure Shell provides remote, encrypted terminal access to hosts. Some Secure Shell servers running on Microsoft Windows (including VShell prior to version 2.3.6) set nonsecure permissions on the file storing the private Secure Shell server host key. This could allow an authenticated user to obtain the Secure Shell host key and use it to impersonate the server.

If an attacker copies the private host key of a server, they can configure another server with the same private key as the legitimate server. Such a server would appear valid to clients if another attack, such as DNS hijacking, was used to trick the client into connecting to the attacker's server.
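
An administrator can check a host for the permission problem described above. The PowerShell script below is an added example, not VanDyke Software's code. The host key path is a parameter because the advisory does not give it, and the allowed principals (LocalSystem and the Administrators group) are an assumed policy to adjust if the service runs under another account.

```powershell
# Added example: audit the ACL on a Secure Shell private host key file (Windows).
# -HostKeyPath is supplied by the administrator; the advisory does not state it.
param(
    [Parameter(Mandatory = $true)]
    [string]$HostKeyPath
)

# Assumed policy: only these well-known SIDs may access the private key.
# S-1-5-18 = LocalSystem, S-1-5-32-544 = BUILTIN\Administrators
$AllowedSids = @('S-1-5-18', 'S-1-5-32-544')

$acl = Get-Acl -LiteralPath $HostKeyPath

# AreAccessRulesProtected is $false while the file still inherits ACEs
# from its parent directory, which is the condition the advisory describes.
if (-not $acl.AreAccessRulesProtected) {
    Write-Warning 'Inheritance is enabled: ACEs flow from the parent directory.'
}

# Enumerate explicit and inherited ACEs, with identities resolved to SIDs.
$sidType = [System.Security.Principal.SecurityIdentifier]
$readBit = [System.Security.AccessControl.FileSystemRights]::ReadData

$findings = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($AllowedSids -contains $ace.IdentityReference.Value) { continue }
    # An Allow ACE with ReadData lets that principal copy the private key.
    if (($ace.FileSystemRights -band $readBit) -ne 0) {
        [pscustomobject]@{
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    Write-Warning "Principals outside the allowed list can read $HostKeyPath"
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output "No unexpected read access found on $HostKeyPath"
```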